We track visits with Umami — privacy-friendly, no cookies. But the hosted script lives on cloud.umami.is, which sits on every ad- and privacy-blocker’s list. Out of the box, a big chunk of visits simply never get counted.
Why it gets blocked
Blockers match on domain. cloud.umami.is is a known analytics host, so uBlock, Brave shields, and friends drop both the script and the tracking beacon before they ever fire.
Serve it first-party
The fix is to route everything through our own domain. An nginx location proxies the script and the collection endpoint, so the browser only ever talks to rootstest.de — nothing on a blocklist.
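location = /u/script.js {
    # Serve Umami's tracker script from our own origin.
    proxy_pass https://cloud.umami.is/script.js;
    proxy_ssl_server_name on;  # send SNI so the upstream TLS handshake names the host
}
location = /u/api/send {
    # Relay the tracking beacon to Umami's collection endpoint.
    proxy_pass https://cloud.umami.is/api/send;
    proxy_ssl_server_name on;
    # Replace any client-supplied value with the address nginx actually saw.
    proxy_set_header X-Forwarded-For $remote_addr;
}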
The tracking tag then points at /u/script.js with data-host-url="/u", and Umami sends its beacon to our proxy instead of its own domain.
Keep the visitor’s IP
Proxying would normally hide every visitor behind the server’s IP, so we forward X-Forwarded-For. Umami still resolves the correct country and city.
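Why the config sets the header from $remote_addr, shown as an added example (not part of the original setup): a small Python model of what the upstream receives with $remote_addr versus nginx's append-style $proxy_add_x_forwarded_for, plus the rightmost-untrusted selection needed when nginx itself sits behind a load balancer. The function names, the 10.0.0.0/8 load-balancer range and all addresses are constructed for illustration, and the all-trusted fallback is this example's choice.

```python
import ipaddress

def forwarded_value(variable, remote_addr, client_xff=None):
    """X-Forwarded-For that nginx sends upstream for a given proxy_set_header value."""
    if variable == "$remote_addr":
        # Whatever the client put in the header is discarded.
        return remote_addr
    if variable == "$proxy_add_x_forwarded_for":
        # nginx appends the peer address to the client-supplied header.
        return f"{client_xff}, {remote_addr}" if client_xff else remote_addr
    raise ValueError(f"unsupported variable: {variable}")

def real_client_ip(remote_addr, client_xff, trusted_cidrs):
    """Pick the visitor address when the TCP peer may be our own load balancer.

    Walks the header right to left and returns the first hop that is not one
    of our proxies; entries further left are client-controlled.
    """
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def trusted(text):
        addr = ipaddress.ip_address(text)  # raises ValueError on garbage
        return any(addr in net for net in nets)

    if not trusted(remote_addr):
        return remote_addr  # direct connection: the peer is the visitor
    hops = [h.strip() for h in (client_xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
    return remote_addr  # nothing usable: fall back to the peer address

if __name__ == "__main__":
    visitor, fake = "203.0.113.7", "198.51.100.99"  # constructed sample addresses
    # The visitor sends a forged X-Forwarded-For header.
    print(forwarded_value("$remote_addr", visitor, fake))
    print(forwarded_value("$proxy_add_x_forwarded_for", visitor, fake))
    # nginx behind a load balancer at 10.0.0.5 that appended the real peer.
    print(real_client_ip("10.0.0.5", f"{fake}, {visitor}", ["10.0.0.0/8"]))
```

If nginx is not the first hop, $remote_addr is the load balancer's address, so the visitor address has to be recovered from trusted hops only before it is forwarded.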
Result
The script and beacon both travel through rootstest.de, so domain-based blockers don’t catch them — and geolocation still works.